eb2f7d841fd42acce554731e24bdacbe9dcbe212d2f011f34b8030c9139d0ea3

Analysis

max time kernel
1800s
max time network
1810s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
18-03-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aimp_5.30.2541_w32-ints.exe
Size

15.1MB
MD5

560f1ab2af7302a4b9847dbc3c363adf
SHA1

652a6264a725e6d641735b4d1069f0b805ae2e16
SHA256

eb2f7d841fd42acce554731e24bdacbe9dcbe212d2f011f34b8030c9139d0ea3
SHA512

1cc7ee446994f0f3ec55d5c6526d441c1b075418b60f808119644a8d4c3854f6e3161b5d3ec5baf57a25d67b03b41ef02df8e748e4f2bed9d07574f2c34d0cbf
SSDEEP

196608:+1EA3j8x6OHnG9CtggkXH8CrI1mtZu+17SHTYPJIso1SOR2LRu7MF88ljkt/VuAU:+GAFOHncgmgeZ97mERIXR2Lbi8ljC0J1

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
1	mediafire.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3892	msedge.exe
3892	msedge.exe
3128	msedge.exe
3128	msedge.exe
2420	msedge.exe
2420	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2472	aimp_5.30.2541_w32-ints.exe
Token: SeIncBasePriorityPrivilege	2472	aimp_5.30.2541_w32-ints.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 2128	3128	msedge.exe	93
PID 3128 wrote to memory of 2128	3128	msedge.exe	93
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 4040	3128	msedge.exe	94
PID 3128 wrote to memory of 3892	3128	msedge.exe	95
PID 3128 wrote to memory of 3892	3128	msedge.exe	95
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96
PID 3128 wrote to memory of 4320	3128	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\aimp_5.30.2541_w32-ints.exe
"C:\Users\Admin\AppData\Local\Temp\aimp_5.30.2541_w32-ints.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd49793cb8,0x7ffd49793cc8,0x7ffd49793cd8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,18085685674986067345,13198738306979891412,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
80e4c81ba395368239ada52da624054c

SHA1
99f0b50af80bc967d0d826d7726d1e31c9d022a0

SHA256
2b5f4bcd9158adb8739e138cb24acc8031ebcc3c0e4683dd53a0867ef27d19ae

SHA512
2dcfad69f93882dd7fe99046fb1e3303db2c15198dcee2f2a3b27dd3d1808b13dc5049bcd0604a0cebdeab899e7a7912952e42cf7493df1452413afed38a7580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b9b8b5470743796bb7960941f3fd8f85

SHA1
2eba2e7f3d0588c24036eac5353e37d4b8571712

SHA256
964f20fd9c8f1ade64b7de8154a03d3b68993e5878239ba55220bf3fd34742be

SHA512
5b7ce49d7e50b489909ac6e2044b335069689675acfc32742e73c5d3061c968956adb3a2f29b7f1854a7795ad2882b6665254e88397a7139746997ad18895b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55841b7adeccb39de3ec6484b8ef0574

SHA1
39e870fce4ab63facc11bc2e417beda350bdfd48

SHA256
1ca280627b7808fbe91a7267ccefb27bd0459de7415761ddfbcf59b785bed041

SHA512
d96b70902fb5a3963b2eb5b1537ba81899e9a4d09e6ea5930927469c977bb8a7da3b6a73f22190d34c831aed4200fd6647cf796d0e678ea2771952912c412686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19a52c8f981f6c33b46716f376c3627c

SHA1
4e5f9317ed6b05c41a3ea3fb171ac66a796f8a88

SHA256
f698941338337439c178deb514d0c6908a6be9469a7eb1dcc44cf8c4ce18e63e

SHA512
2c912f0eb99f91e389afbb8b04d47df609a30afae91f19ebe716db12a5a694114c3caca26d9b983114e89935af4404397fb52125b331d9b5a325e8ae5c250e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b9e585fc897e8e0d6899a4dbd0eaf5b

SHA1
79f13b521bdbf5d796441ec62a81f2a0ee7f574d

SHA256
a51259677843a65561431b3a53d51fdd77b32d295986350086eb00c33669dfab

SHA512
9879f4f99175ba8b68b92786a7face7f6bfb442c58e70a92e4863a0a10e075db758b81e4669ae447e1db4b7df4930b5192f50812f89129faa0f98ed0a18e5ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e3bc418f-5f62-4cec-a82d-1651bde78efd.tmp

Filesize
7KB

MD5
41f7092f3ded482c4b7372bdb36fcad7

SHA1
024111a33328d4c4c7459affd92a96eced24ad61

SHA256
bab0b78003e3ebfede097ef36ff26eb929255d63bd1c680002429875d11f01d4

SHA512
14db7e69649e49aab7d319160a0a959d4cfaa5ed1dd6701b18f48aee89639c1f3188c8f7f1e60f1b1cc0ffe471d22ceceb9de405ea9071685861f46d8aad9186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3242ce0733e43485c5c70c39db217602

SHA1
98d7136d0f31cfec170c520e236fe3fe38a8594f

SHA256
9e9e02ee83e63c34bdeadc8d707828e5df76e3085dc3b03256230e92098bb7cf

SHA512
51731bec573bea386c736d35524a36a1529ba3b0070cf591923cfa745389c2af832ead44571e676ac994252b0452b5da03523570809268757ba8064942b58873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f110ad4887aab85b49e8c951a4859728

SHA1
485465bfe00a01ed37544358bf5c2ec917424e00

SHA256
b39e0e6ce875da8f538eb4774f1665a12179034fd724963434f9f594459921ff

SHA512
cf76161b113713ddc09f338a7310b9fc0a0e820252df749a6b1fa848632f1704cdd24fd461ebe4ed1ca472226f8faa4601868a9746d51ad7cc399ce56640ca66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae8f8ed4e45164bc6e5b6de869a0e05d

SHA1
287c1340fb7f7d3a9760e2e424a5e7006a3767b8

SHA256
1abb3b9e521b2a7a10dc1007f860a2cd8b6aa1a6ca4a305f3731678e9175cd20

SHA512
4bf728202bb4797e1ed1d2647a5aa55ad3ee29c00dbba54e54174d6f50be57fb9f977f9a1cab9e034e95cfd4923cca2a85d943ba1dd46377b23086afd659cef2

Download Submit
memory/2472-0-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/2472-54-0x0000000000400000-0x0000000001359000-memory.dmp

Filesize
15.3MB

Download
memory/2472-31-0x0000000000400000-0x0000000001359000-memory.dmp

Filesize
15.3MB

Download
memory/2472-3-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/2472-1-0x0000000000400000-0x0000000001359000-memory.dmp

Filesize
15.3MB

Download